The different scenarios of providing online services, e.g., software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS), etc., are commonly referred to as cloud computing. Typically, the servers, either physical or virtual, that host such online services, e.g., by running corresponding software applications, are not directly exposed in public networks. Access to the services provided by such hosts is usually dispatched by so-called reverse proxies. A reverse proxy is accessible online, e.g., on a public network, and retrieves or exposes the online services to the requesting client or clients by connecting to the corresponding host or hosts via a private network.
One of the challenges in such computing environments is how the applications providing online services are authenticated by the reverse proxies when connections are established. One of the most common methods is to use security certificates, which can be verified on both sides of the connection. In this case, the application host name is part of the certificate subject, and the reverse proxy can compare the actual name of the host it connects to with the name in the provided certificate. This approach relies on a domain name system (DNS) service, which can be compromised. Alternatively, the authentication may rely on checking IP addresses instead of host names. However, private networks like those used in cloud computing environments reuse a relatively small set of IP addresses, which can be identified and misused for malicious purposes.
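The two checks described above, sketched as an added example that is not part of the original text, to show which inputs each one actually consults. The function names, host names, addresses and the certificate (a dict shaped like the output of Python's `ssl.getpeercert()`) are all constructed assumptions.

```python
# Added illustration; every name, address and certificate here is constructed.
import ipaddress

APP_CERT = {  # shaped like the dict returned by ssl.getpeercert()
    "subject": ((("commonName", "app1.internal.example"),),),
    "subjectAltName": (("DNS", "app1.internal.example"),),
}

def cert_dns_names(cert):
    """Names the certificate is valid for: DNS SANs, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, hostname):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def check_by_name(hostname, resolved_ip, cert):
    """Host-name check. resolved_ip is passed in but never consulted: the
    verdict binds the certificate to the name, not to the address DNS gave."""
    return any(name_matches(n, hostname) for n in cert_dns_names(cert))

def check_by_ip(peer_ip, allowed_ips):
    """IP check. Only the address is compared; nothing identifies which
    private network that address belongs to."""
    allowed = {ipaddress.ip_address(a) for a in allowed_ips}
    return ipaddress.ip_address(peer_ip) in allowed

def demo():
    host = "app1.internal.example"
    # Two different DNS answers for the same name give the same verdict.
    by_name = [check_by_name(host, ip, APP_CERT)
               for ip in ("10.0.0.5", "10.0.7.9")]
    # 10.0.0.5 in one private network equals 10.0.0.5 in any other.
    by_ip = check_by_ip("10.0.0.5", ["10.0.0.5"])
    return by_name, by_ip
```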